Open Bug 313458 Opened 20 years ago Updated 3 years ago

Choosing "view background image" on right click menu for the yellow warning triangle on error page generates JS Console error

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Type:
defect

Tracking

()

People

(Reporter: deleeuw+bugzilla, Assigned: dveditz)

References

(Depends on 1 open bug,
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 Summary says all. Reproducible: Always Steps to Reproduce: 1. Hover over yellow warning triangle 2. Right click 3. Choose "view background image" Actual Results: nothing happens except for the error in JS Console Expected Results: To see the yellow warning triangle by itself in the browser This is from the JS Console: Error: uncaught exception: Load of chrome://global/skin/icons/warning-large.png from http://www.adssjsjsjjsjsjsjsj.com denied.
I also get: Security Error: Content at http://www.adssjsjsjjsjsjsjsj.com/ may not load or link to chrome://global/skin/icons/warning-large.png.
Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!
Whiteboard: CLOSEME 06/27
Version: unspecified → 1.5.0.x Branch
This is still visible on the trunk: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a6pre) Gecko/20070602 Minefield/3.0a6pre
OS: Windows XP → All
Hardware: PC → All
Whiteboard: CLOSEME 06/27
Version: 1.5.0.x Branch → Trunk
Still exists on: Mozilla/5.0 (Windows; U; Windows NT 6.0; cs-CZ; rv:1.9.2a1pre) Gecko/20090218 Minefield/3.2a1pre
Shunting this over to Core - given that error pages are treated as though they come from the site in question, the code is behaving "as designed" but I agree that it's a bit surprising. Not sure whether we'd take a patch to fix it or not, as it's sort of an edge case and likely means adding a bit of complication/attack surface to nsScriptSecurityManager, but there are people over there who can comment more lucidly on the subject.
Assignee: nobody → dveditz
Component: Security → Security: CAPS
Product: Firefox → Core
QA Contact: firefox → caps
Depends on: 544710
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.3a2pre) Gecko/20100206 Minefield/3.7a2pre Confirmed
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.